Some high-security pages, such as online payments or user landing pages, may use HTTPS (SSL/TLS) to improve security. This article describes how to force an action to use HTTPS in ASP. NET MVC and how to jump to an HTTPS page.
We first implement forcing an action to use HTTPS. Here is a requirehttpsattribute that is used to convert a non-HTTPS connection to an HTTPS connection so that all controllers that use the filter Requirehttps will force HTTPS connections.
1 using SYSTEM.WEB.MVC;
2
3 namespace Snowdream.Demo.RequireHttps
4 {
5 public class Requirehttpsattribute:authorizeattribute
6 {
7//<summary>
8///rewrite Onauthorization method
9//</summary>
//<param Name= "Filtercontext" ></param>
public override void Onauthorization (AuthorizationContext filtercontext)
12 {
13//If an HTTPS connection is not processed, otherwise redirected to an HTTPS connection
if (!filtercontext.httpcontext.request.issecureconnection)
15 {
16//Gets the path of the current request
# string path = FilterContext.HttpContext.Request.Path;
18
19//Get host from Web. config, or you can get it directly from HttpContext
String host = system.configuration.configurationmanager.appsettings["HostName"];
21st
22//port to get HTTPS from Web. config
* String port = system.configuration.configurationmanager.appsettings["Httpsport"];
24
25//If the port number is NULL, the default port is used, otherwise the host is written in host:port form
if (port! = null)
27 {
The host = string. Format ("{0}:{1}", host, Port);
29}
30
31//Redirect to HTTPS connection
FilterContext.HttpContext.Response.Redirect (String. Format ("Https://{0}{1}", host, Path);
33}
34}
35}
36}
37
Because the HTTPS and HTTPS services use different port numbers, and HTTPS cannot bind the host header, it can only differentiate the sites by different ports, so the host and port information is written to the Web. config for ease of configuration. Add the following information to the appsettings section of Web. config
1 <appSettings>
2 <add key= "HostName" value= "localhost"/>
3 <add key= "Httpsport" value= "443"/>
4 </appSettings>
5
Httpsport can not write, will use the default of 443.
Then add [Requirehttps] before the Controller or action to use the HTTPS connection, as
1 [Requirehttps]
2 public actionresult About ()
3 {
4 return View ();
5}
6
This will automatically jump to https://localhost/Home/About when we use Http://localhost/Home/About to access the page. However, there is a problem, the link in the Web page is HTTP, when you click into the need to use the HTTPS connection of the Web page to do a redirect. So we're going to change the link in the Web page to HTTPS as well. This step is not difficult, just use the appropriate overloaded method to write all of the html.action () that are linked to the HTTPS page in view. There are 2 overloads available in ASP. 1.0 RTM to set protocol to HTTPS. In a site that is generated by default after you create a new ASP. NET MVC Web application, there is a actionlink in the Site.master file in the shared folder that points to/home/about. Turned out to be
1 Html.ActionLink ("Home", "Index", "Home")
We rewrite it.
1 Html.ActionLink ("about", "about", "Home", "https", "localhost", "", NULL, NULL)
In this way, the generated link is the HTTPS, the click will be used directly after the HTTPS connection without having to do another redirect, then the new link to the HTTPS page can also be modeled as a second.
Hostname information is also used here, We've already written it in Web. config, so we can write a method to get this piece of information in Web. config and splice it into the hostname string you need here, or you can write an extension method specifically for HtmlHelper to handle HTTPS links, which can actually make Time to do the proper optimization.
Sample code Download
Using HTTPS (SSL/TLS) in ASP.